Becoming a CEH

On March 26th, 2018, I became a Certified Ethical Hacker. You see, I’m transitioning out of the military soon and I want to work in cyber security. A few months ago, I set in motion my plan to get two or three certifications that covered as much of the DoD Approved 8570 Baseline Certifications table as possible. I decided on pursuing the CEH and the CISSP (more on that in a later postupdated post; I passed!), which together would cover 12 of 14 categories/levels. Since I am writing this from the perspective of a transitioning service member, some of the resources I mention will be limited to and/or geared toward active service members and/or veterans. Also keep in mind that 12 days before I sat for my exam, EC-Council announced v10 of the CEH, as well as the CEH Practical. I would venture to guess v10 has much of the same material and that you would be ok using only these resources, but keep an eye out for updated versions of the resources I mention.

To begin, I used the FedVTE Training Program to study at my own pace. If you are military/veteran, interested in cyber security, and haven’t heard of FedVTE, you need to go sign up now. You will probably not find a better source of free training material. The CEH material seemed a little disjointed to me, but the content was very valuable and I found it quite similar to the official CEH courseware.

Advertisement

To follow up on my self-study, I decided to attend a local New Horizons center’s online-live CEH class. Why? Because G.I. Bill! New Horizons’ policy is that students attending with the G.I. Bill will have their certification exam covered in the cost of the class. This accomplished two things: it spared me the process of getting EC-Council approval to take the exam and it meant the $950 test voucher was coming out of Uncle Sam’s pocket instead of mine. It also provided an impetus to pass the test on the first try. Using the G.I. Bill means that you must attend a New Horizons facility, even though the actual class is web-based (they must be able to prove to the VA that you attended). This wasn’t so bad, as it gave me a quiet, distraction-free environment to learn in (plus they had free snacks). Overall, I would rate this part of my preparation a 7/10. The instructor kept me engaged and was able to offer the kind of interaction you just can’t get from books or prerecorded lessons. They also provide some useful lab environments to practice using various tools covered in the training.

Throughout my self-study and classroom training, there were a few resources I used regularly to help me prepare for the actual exam. One was /u/Admiral-Chicken’s CEH notes. I’ve linked to a PDF I created in the list below, as well as the original Google Docs document and the Reddit post. The second was Safari Books Online. If you are active military, you can sign up for free when there are slots available. Otherwise, it is available for $39/month on the regular site. The number of technical books and training materials available through this program would be totally worth the $39/month, in my opinion. I used the Boson ExSim-Max for CEH v9, as recommended by many on Reddit. Finally, I used the Sybex Practice Tests book and the companion iOS app for further practice questions.

Of all of the additional resources I used, I would say Boson was the most valuable. They are extremely well-written questions, which in many cases are more technical than the actual exam, but they give you solid explanations for why an answer is the right one. The Sybex practice exams were most useful in the form of the iOS app, because no matter where I was, I could open it and run through a set of practice questions and jot down some notes on any that I missed.

Overall, I found the CEH certification process fairly enjoyable. It was my first real exposure to the IT certification process. Shortly after taking the exam, I got an email from EC-Council asking for my educational background, training center information, IT experience, etc. This appears to be a normal process if you finish the exam in under and hour or so (I took about 45 minutes). I sent them my info on a Friday, and by Monday they had released my exam from the audit queue and certified me.